diff --git a/.gitignore b/.gitignore
index 32cf204..41b1ddb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /*.sig
+/*.tar.gz
 /*.tar.xz
 /xz-*/
diff --git a/colorxzgrep.sh b/colorxzgrep.sh
index 4a91d70..cdbc14f 100644
--- a/colorxzgrep.sh
+++ b/colorxzgrep.sh
@@ -1,3 +1,4 @@
+# shellcheck shell=sh
 /usr/libexec/grepconf.sh -c || return
 alias xzgrep='xzgrep --color=auto' 2>/dev/null
 alias xzegrep='xzegrep --color=auto' 2>/dev/null
diff --git a/gpgkey-3690C240CE51B4670D30AD1C38EE757D69184620.asc b/gpgkey-3690C240CE51B4670D30AD1C38EE757D69184620.asc
deleted file mode 100644
index 44e17c1..0000000
--- a/gpgkey-3690C240CE51B4670D30AD1C38EE757D69184620.asc
+++ /dev/null
@@ -1,75 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBEzEOZIBEACxg/IuXERlDB48JBWmF4NxNUuuup1IhJAJyFGFSKh3OGAO2Ard -sNuRLjANsFXA7m7P5eTFcG+BoHHuAVYmKnI3PPZtHVLnUt4pGItPczQZ2BE1WpcI -ayjGTBJeKItX3Npqg9D/odO9WWS1i3FQPVdrLn0YH37/BA66jeMQCRo7g7GLpaNf -IrvYGsqTbxCwsmA37rpE7oyU4Yrf74HT091WBsRIoq/MelhbxTDMR8eu/dUGZQVc -Kj3lN55RepwWwUUKyqarY0zMt4HkFJ7v7yRL+Cvzy92Ouv4Wf2FlhNtEs5LE4Tax -W0PO5AEmUoKjX87SezQK0f652018b4u6Ex52cY7p+n5TII/UyoowH6+tY8UHo9yb -fStrqgNE/mY2bhA6+AwCaOUGsFzVVPTbjtxL3HacUP/jlA1h78V8VTvTs5d55iG7 -jSqR9o05wje8rwNiXXK0xtiJahyNzL97Kn/DgPSqPIi45G+8nxWSPFM5eunBKRl9 -vAnsvwrdPRsR6YR3uMHTuVhQX9/CY891MHkaZJ6wydWtKt3yQwJLYqwo5d4DwnUX -CduUwSKv+6RmtWI5ZmTQYOcBRcZyGKml9X9Q8iSbm6cnpFXmLrNQwCJN+D3SiYGc -MtbltZo0ysPMa6Xj5xFaYqWk/BI4iLb2Gs+ByGo/+a0Eq4XYBMOpitNniQARAQAB -tCdMYXNzZSBDb2xsaW4gPGxhc3NlLmNvbGxpbkB0dWthYW5pLm9yZz6JAlEEEwEK -ADsCGwMCHgECF4AECwkIBwMVCggFFgIDAQAWIQQ2kMJAzlG0Zw0wrRw47nV9aRhG -IAUCYEt9dQUJFxeR4wAKCRA47nV9aRhGIBNDEACxD6vJ+enZwe3IgkJh5JtLsC9b -MWCQRlPW1EVMsg96Cb5Rtron1eN1pp1TlzENJu1/C7C/VEsr9WwOPg26Men7fNf/ -O21QM9IBWd/uB0Pu333WqKh92ESS5x9ST9DrG39nVGSPkQQBMuia72VrA+crPnwT -/h/u1IN6/sff5VDIU24rUiqW2Npy733dANruj7Ny0scRXVPltnVdhqwPHt6qNjC1 -t+/cCnwHgW1BR1RYXBPpB42z/m29dL9rPrG0YPGWs2Bc+EATUICfEE6eIvwfciue -IJTjKT9Y9DrogJC2AYFhjC7N04OKdCB2hFs4BjexJwr4X0GJO7LhFl03c951AsIE -GHwrucRPB5bo2vmvQ8IvZn7CmtdUJzXv9JlyU6p+MIK1pz7TK6GgSOSffQIXZn6e -nUPtm9mEwuncOfmW8/ODYPs1gCWYgyiFJx8h7eEu+M4MxHSFBs7MwXf/Ae2fSp+M -P/p198qB8fC5oVBnF95qb0Qi0uc1D+Gb+gpBF+ymMb+s/VBOR3QWiym7AzBrJ62g -UnbC9jMLGnSRI+7p7raUfMTgXr5/oQoBw7ExJVltSSRrim2YH/t4CV47mO6dR9J3 -1RtsTFIRNhz+07XPsETcuCV/dgqeC8fOFLt9MY17Sufhb1DcGy4urZBOIhXcpTV7 -vHVj5IYH5nYOT49NRYkCOAQTAQIAIgUCTMQ5kgIbAwYLCQgHAwIGFQgCCQoLBBYC -AwECHgECF4AACgkQOO51fWkYRiAg4A/7BXKwoRaXrMbMPOW7vuVF7c2IKB2Yqzn1 -vLBCwuEHkqY237lDcXY4/5LR+1gcZ3Duw1n/BRSm0FBdvyX/JTWiWNSDUkKAO/0l -T2Tg44YLrDT3bzwu8dbU9xQt6kH+SCOHvv5Oe4k79l5mro6fF3H1M0bN63x/YoFY -ojy09D7/JptY82oR4f/VdKnfZLJcCViCb0wp8SD2NkDAudKg+K+7PD8HlTWklQQg 
-TZdRXxVZKIJeU42aJDqnRbAhJd64YHyClhqut9F5LUmiP5qfLfNhkKDhNOwk2Blr -BGBJkSd7wPyzcX4Mun/L6YspHjbeVMt9TD7HQlo+OOd2OjAHCx6pqwkXnzeLPEaE -cPdQ1SHgrBViAxX3DNPubLP0Knw8XwFu96EuhHZgexE1W7bB4LFsJyXAc5k1PqPD -CLsAauxmvI2OfI7opG/8wyxDvNgoPjG8fZNAgY0REqPC0JnTXChH31IxUmhNotH8 -tD3DDTZOHw05n5MwwUrEE9xiETVDfFQcMLfxZ9KLz+BC2g1t5LYublRgnCMNJzFg -sNUMM02CphABzl/LCLnumr0eyQQ/weV4twEhLwSDmqLYHL0EdYW0Y3CnnU9vmYxQ -cXKbstS71sEJJYBBmSBbf9GxkOY8BRNtwVwY0kPgxv1WqdVBiAFvfB+pyAsrax9B -3UeB7ZSwRD6JAhwEEAEKAAYFAlS25GwACgkQlbYYGy0z6ew92Q//ZA9/6piQtoW4 -PwP/1DtWGyKU8hwR+9FG669iPk/dAG+yoEJtFMOUpg/FUFmCX8Bc4oEHsCVyLxKt -DcCVUIRcYNSFi5hTZaBEbwsOlDT37gtlfIIu34hhHRccKaLnN/N9gNMNw8wGh9xg -Q/KtxZwcbk/bZIlDkKTJkFBRAekdEGAFDWb/AZOy+LQxS8ZAh1eWkfV0i8opmK9k -gPXtLE0WSsqtYyGs58z+BFE9NH3tEUwK6jSvtuLwQl4UrICNbKthcpb8WwH6UXzb -q3QNSYVOpf/cqRdBJA6bvb/ku/xyKVL08lGmxD9v1b137R7mafDAFPTsvH2Mt/0V -YuhtWav3r1Bl9QksDxt2DTS8wiWDUBetGqOVdcw7vBrXPEWDNBmxeJXsiJ7zJlR+ -9wrJOm6RV2+l1IPxu96EaPS+kTNBijKrhxb67bww8BTEWTd0wcdJmgWRkM8SIstp -IKqd0L2TFYph2/NtrBhRg+DIEPJPpSTGsUMcCEXCZPQ+cIdlQKsWpk0tZ62DlvEl -r7E+wgUSQolRfx5KrpZifiS2zQlhzdXv28CJhsVbLyw5fUAWUKIH/dCo5NKsNLk2 -Lc5DH9VWnFgxAAtW290FqeK/4ulMq7Vs1dQSwyHM2Ni3QqqeaiOrh8gbSY5CMLFN -Y3HYRwuTYPa3AobsozCzBj0Zdf/6AFe5Ag0ETMQ5kgEQAL/FwKdjxgPxtSpgq1SM -zgZtTTyLqhgGD3NZfadHWHYRIL38NDV3JeTA79Y2zj2dj7KQPDT+0aqeizTV2E3j -P3iCQ53VOT4consBaQAgKexpptnS+T1DobtICFJ0GGzf0HRj6KO2zSOuOitWPWlU -wbvX7M0LLI2+hqlx0jTPqbJFZ/Za6KTtbS6xdCPVUpUqYZQpokEZcwQmUp8Q+lGo -JD2sNYCZyap63X/aAOgCGr2RXYddOH5e8vGzGW+mwtCv+WQ9Ay35mGqI5MqkbZd1 -Qbuv2b1647E/QEEucfRHVbJVKGGPpFMUJtcItyyIt5jo+r9CCL4Cs47dF/9/RNwu -NvpvHXUyqMBQdWNZRMx4k/NGD/WviPi9m6mIMui6rOQsSOaqYdcUX4Nq2Orr3Oaz -2JPQdUfeI23iot1vK8hxvUCQTV3HfJghizN6spVl0yQOKBiE8miJRgrjHilH3hTb -xoo42xDkNAq+CQo3QAm1ibDxKCDq0RcWPjcCRAN/Q5MmpcodpdKkzV0yGIS4g7s5 -frVrgV/kox2r4/Yxsr8K909+4H82AjTKGX/BmsQFCTAqBk6p7I0zxjIqJ/w33TZB -Q0Pn4r3WIlUPafzY6a9/LAvN1fHRxf9SpCByJsszD03Qu5f5TB8gthsdnVmTo7jj -iordEKMtw2aEMLzdWWTQ/TNVABEBAAGJAjwEGAEKACYCGwwWIQQ2kMJAzlG0Zw0w 
-rRw47nV9aRhGIAUCYEt9YAUJFxeRzgAKCRA47nV9aRhGIMLtD/9HuKM4pngImcuz -YwzQmdv4j26YYyh4jVsKEmVWTiRcehEgUIlrWkCu3qzd5NK+RetS7kJ8MPnzEUfj -YbpdC6yrF6n1mSrZZ4VJMkV2ev37bIgXM+Wp1mCAGbjNxQnjn9RabT/gjIqmGuRn -AP7RsSeOSuO/gO9h2Pteciz23ussTilB+8cTooQEQQZe6Kv/zukvL+ccSehLHsZ7 -qVfRUAmtt8nFkXXE+s8jfLfhqstaI2/RJu5witaPcXM8Mnz2E95aASAbZy0eQot9 -0Pvf07n9yuC3tueTvzvlXx3h5U3yT44tIOmzANIQjay1TGdm+RBJ2ZYyhyLawlZ2 -NVUXXSp4QZZXPA0UWbF+pb7Q9cdKDNFVuvGBljuea0Yd0T2o+ibDq43HziX9ll+l -SXk9mqvW1UcDOaxWrSsm1Gc1O9g3wqH5xHAhtY8GPh/7VgAawskPkmnlkMW6pYPy -zibbeISJL1gd1jIT63y6aoVrtNoo+wYJm280ROflh4+5QOo6QJ+jm70fkXSG/qJ5 -a8/qCPTHkJc/rpkL6/TDQAJURi9RhDAC0gb40HtusbN1LZEA+i0cWTmYXap+DB4Y -R4pApilpaG87M+VUokR4xpnx7vTb2MPa7Mdenvi9FEGnKXadmT8038vlfzz5GGUT -MlVin9BQPTpdA+PpRiJvKJgVDeAFOg== -=asTC ------END PGP PUBLIC KEY BLOCK----- diff --git a/lasse_collin_pubkey.txt b/lasse_collin_pubkey.txt new file mode 100644 index 0000000..4a391c6 --- /dev/null +++ b/lasse_collin_pubkey.txt 
@@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBEzEOZIBEACxg/IuXERlDB48JBWmF4NxNUuuup1IhJAJyFGFSKh3OGAO2Ard +sNuRLjANsFXA7m7P5eTFcG+BoHHuAVYmKnI3PPZtHVLnUt4pGItPczQZ2BE1WpcI +ayjGTBJeKItX3Npqg9D/odO9WWS1i3FQPVdrLn0YH37/BA66jeMQCRo7g7GLpaNf +IrvYGsqTbxCwsmA37rpE7oyU4Yrf74HT091WBsRIoq/MelhbxTDMR8eu/dUGZQVc +Kj3lN55RepwWwUUKyqarY0zMt4HkFJ7v7yRL+Cvzy92Ouv4Wf2FlhNtEs5LE4Tax +W0PO5AEmUoKjX87SezQK0f652018b4u6Ex52cY7p+n5TII/UyoowH6+tY8UHo9yb +fStrqgNE/mY2bhA6+AwCaOUGsFzVVPTbjtxL3HacUP/jlA1h78V8VTvTs5d55iG7 +jSqR9o05wje8rwNiXXK0xtiJahyNzL97Kn/DgPSqPIi45G+8nxWSPFM5eunBKRl9 +vAnsvwrdPRsR6YR3uMHTuVhQX9/CY891MHkaZJ6wydWtKt3yQwJLYqwo5d4DwnUX +CduUwSKv+6RmtWI5ZmTQYOcBRcZyGKml9X9Q8iSbm6cnpFXmLrNQwCJN+D3SiYGc +MtbltZo0ysPMa6Xj5xFaYqWk/BI4iLb2Gs+ByGo/+a0Eq4XYBMOpitNniQARAQAB +tCdMYXNzZSBDb2xsaW4gPGxhc3NlLmNvbGxpbkB0dWthYW5pLm9yZz6JAlEEEwEK +ADsCGwMCHgECF4AECwkIBwMVCggFFgIDAQAWIQQ2kMJAzlG0Zw0wrRw47nV9aRhG +IAUCZZwJyQUJGuHiNwAKCRA47nV9aRhGIE4qD/4jdFTe3WPpLgvz/jdlbnSZxr7q +OS6H/ZJFENHO4SbavXdoXLtj+t6/lqWq890Js8IpWaaiJLowzW1xJMEg99W6k0KD +3pHUbwPxf0GCSAt/W4JYxdTj+1ggdHjx5yBAmOakjnOH+ZDKQNBnDOI6ghf3ew+H +9z/b0mQX3rlQbtoqSPZtuDOdFcjCOSwEyqdV+9eNqnv2CoKZkiGoUB1WGCbqKUkY +KiUJ3WldmPQ5RQYjEi7zZWVac1VuwBA0XOku+W4cCJ5DnPyK7CtMwC84VvaodlOX +UAK3Y5BIZpZM2Rk6yMX5lFDA5nA8UuHJQRDjTVmh3BIdgRvp0ZV6ogtqNE7RifpW +aBWDIsCkimcbCJJM+edOLiVZog+ia1Ts8zu33wj7Tnvp5znLc8NLZIqwu1HKLS97 +m+Yf5oC3ObTZtXbVF+OglWe/3ljLHdL2bJxNdtcVlChSNPUW3fgLHk9Fzrlnqdab +tSGwI/0Ryt00cKjRiMOagTn5Nly6boCtgGYdQafQoSrs3eQjnWVgbNYDMgPyl4k+ +Q5RJLEY7AvtXo7FUEgOTfr9PWmjmc2JzGpxbtwl6sQi6yLrBZTRf1Xao2OjOje6G +XdUbXNmgOv16sWxcI0s4lX1z28BgHQfwXhBFBRjw2Sy+6TfFXjX24thcpMwvyJ3c +xhMtdY4N4jyfRjYe8LkCDQRMxDmSARAAv8XAp2PGA/G1KmCrVIzOBm1NPIuqGAYP +c1l9p0dYdhEgvfw0NXcl5MDv1jbOPZ2PspA8NP7Rqp6LNNXYTeM/eIJDndU5Phyi +ewFpACAp7Gmm2dL5PUOhu0gIUnQYbN/QdGPoo7bNI646K1Y9aVTBu9fszQssjb6G +qXHSNM+pskVn9lropO1tLrF0I9VSlSphlCmiQRlzBCZSnxD6UagkPaw1gJnJqnrd +f9oA6AIavZFdh104fl7y8bMZb6bC0K/5ZD0DLfmYaojkyqRtl3VBu6/ZvXrjsT9A 
+QS5x9EdVslUoYY+kUxQm1wi3LIi3mOj6v0IIvgKzjt0X/39E3C42+m8ddTKowFB1 +Y1lEzHiT80YP9a+I+L2bqYgy6Lqs5CxI5qph1xRfg2rY6uvc5rPYk9B1R94jbeKi +3W8ryHG9QJBNXcd8mCGLM3qylWXTJA4oGITyaIlGCuMeKUfeFNvGijjbEOQ0Cr4J +CjdACbWJsPEoIOrRFxY+NwJEA39Dkyalyh2l0qTNXTIYhLiDuzl+tWuBX+SjHavj +9jGyvwr3T37gfzYCNMoZf8GaxAUJMCoGTqnsjTPGMion/DfdNkFDQ+fivdYiVQ9p +/Njpr38sC83V8dHF/1KkIHImyzMPTdC7l/lMHyC2Gx2dWZOjuOOKit0Qoy3DZoQw +vN1ZZND9M1UAEQEAAYkCPAQYAQoAJgIbDBYhBDaQwkDOUbRnDTCtHDjudX1pGEYg +BQJlnAmyBQka4eIgAAoJEDjudX1pGEYguyYQAJo+5SnMMdu+d70mWfUb9PZg7P5C +GRepHnckx9Sis5oR5s7NNl5j5Yy4J1UwsmrP+mn52ujqewkkVsCq65NGQQx7+tkw +uKGvnGBkHdrI+aJk86qLMf4DlnNJEmN8t5jTGQfRLbFVf2I8EY6qXAzCSmL9Zs++ +rDUz65GOTB1EP0XmBRsuVYRfDbFezrPQH0JDucbXFi/2BDnl2/Mk9NBoQ0CvB4oG +tLDiQZ+jV7n1VXXJ1faD9s7i0hOTdcG6rlyIqi/LyAzdCnOYTkmv3U1kdmzkvrh1 +KEiejnM5fj27RE2v191vh3hgZ+X5+uwjNTP0QC4qP8XykQOAA8usOMVZ72lyXCAk +wiUcRdrAXLN/XbIFNcQ3m4d3W6t60Gk09wFlUKaEltDMlPUsxiSG3qFwFGPBP6UV +h3mjJMAl1jltLrR7ybez0SczfrcAtdCsKTvgzV9W2TzUfK2R9PBanmXTXK2M7yU3 +IquHt3Je4aSP7XYb5D+ajlbFNvnXOYcai8WryfC5nLAfV4MbPX+UlRaYCqqHVhut +gK93re1L5mMI3zjG5Ri5jLpUA9toSJCIJIY5zwr/8LL/ZL4TixXlouA17yjkpY/e +Bjs8cNj1O3aM4jY2FKCS8UbfxOiARk/5kBMRPEZ/mqpMQttzE8KVjOv6fRxy/eVE +888/gToe5kb8qYwy +=6rZC +-----END PGP PUBLIC KEY BLOCK----- diff --git a/sources b/sources index 1103c39..f0abd9a 100644 --- a/sources +++ b/sources 
@@ -1,3 +1,2 @@
-SHA512 (xz-5.2.5.tar.xz) = 59266068a51cb616eb31b67cd8f07ffeb2288d1391c61665ae2ec6814465afac80fec69248f6a2f2db45b44475af001296a99af6a32287226a9c41419173ccbb
-SHA512 (xz-5.2.5.tar.xz.sig) = ea0218ac25843c8b44686871fba573809618f074465ec52f5966a082aeeb5e01bd646d462a56a6af7a786e1c69a05b135a6735ad1f3be27daecf3a2f9be865a5
-SHA512 (xzgrep-ZDI-CAN-16587.patch.sig) = 527c2702cf3ff3ddee6e49feb6d2305e4e9cd786f856b25f0cb5776df1341c5a960ba54c179cb27c507011e1223baf4a10de8a546199806ff96f531f62b9f136
+SHA512 (xz-5.8.2.tar.gz) = 0b808fc8407e7c50da3a7b2db05be732c2fcd41850b92c7f5647181443483848ff359e176c816ce2038c115273f51575877c14f1356417cc9d53845841acb063
+SHA512 (xz-5.8.2.tar.gz.sig) = 91c8d49d8ad0eb1e128203cf2c051fb200ec0e2b5eebea10a39945a998d24f11652a000faefa688d129327593043271314cbf115d78c21eeed738476dd2defb6
diff --git a/xz-5.2.5-enable_CET.patch b/xz-5.2.5-enable_CET.patch
deleted file mode 100644
index e0b3265..0000000
--- a/xz-5.2.5-enable_CET.patch
+++ /dev/null
@@ -1,70 +0,0 @@ -From: H.J. Lu -Date: Wed, 23 Dec 2020 15:49:04 +0100 (06:49 -0800) -Subject: [PATCH] liblzma: Enable Intel CET in x86 CRC assembly codes - -When Intel CET is enabled, we need to include in assembly codes -to mark Intel CET support and add _CET_ENDBR to indirect jump targets. - -Tested on Intel Tiger Lake under CET enabled Linux. ---- - src/liblzma/check/crc32_x86.S | 9 +++++++++ - src/liblzma/check/crc64_x86.S | 9 +++++++++ - 2 files changed, 18 insertions(+) - -diff --git a/src/liblzma/check/crc32_x86.S b/src/liblzma/check/crc32_x86.S -index 67f68a4..e3745e6 100644 ---- a/src/liblzma/check/crc32_x86.S -+++ b/src/liblzma/check/crc32_x86.S -@@ -51,6 +51,14 @@ init_table(void) - * extern uint32_t lzma_crc32(const uint8_t *buf, size_t size, uint32_t crc); - */ - -+/* When Intel CET is enabled, include in assembly code to mark -+ Intel CET support. */ -+#ifdef __CET__ -+# include -+#else -+# define _CET_ENDBR -+#endif -+ - /* - * On some systems, the functions need to be prefixed. The prefix is - * usually an underscore. -@@ -83,6 +91,7 @@ init_table(void) - - ALIGN(4, 16) - LZMA_CRC32: -+ _CET_ENDBR - /* - * Register usage: - * %eax crc -diff --git a/src/liblzma/check/crc64_x86.S b/src/liblzma/check/crc64_x86.S -index f5bb84b..7ee08f6 100644 ---- a/src/liblzma/check/crc64_x86.S -+++ b/src/liblzma/check/crc64_x86.S -@@ -41,6 +41,14 @@ init_table(void) - * extern uint64_t lzma_crc64(const uint8_t *buf, size_t size, uint64_t crc); - */ - -+/* When Intel CET is enabled, include in assembly code to mark -+ Intel CET support. */ -+#ifdef __CET__ -+# include -+#else -+# define _CET_ENDBR -+#endif -+ - /* - * On some systems, the functions need to be prefixed. The prefix is - * usually an underscore. -@@ -73,6 +81,7 @@ init_table(void) - - ALIGN(4, 16) - LZMA_CRC64: -+ _CET_ENDBR - /* - * Register usage: - * %eax crc LSB --- -2.26.0 - diff --git a/xz.spec b/xz.spec index ab00323..d75d810 100644 --- a/xz.spec +++ b/xz.spec 
@@ -3,31 +3,29 @@ Summary: LZMA compression utilities Name: xz -Version: 5.2.5 -Release: 9%{?dist} +Epoch: 1 +Version: 5.8.2 +Release: 1%{?dist} + +# liblzma - 0BSD +# xz{,dec}, lzma{dec,info} - 0BSD +# - getopt_long - LGPL-2.1-or-later - not built in Fedora +# xz{grep,diff,less,more} - GPL-2.0-or-later +# docs - BSD0 AND LicenseRef-Fedora-Public-Domain +# man pages and translations - 0BSD AND LicenseRef-Fedora-Public-Domain +# See: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/547 +License: 0BSD AND GPL-2.0-or-later AND LicenseRef-Fedora-Public-Domain -# Scripts xz{grep,diff,less,more} and symlinks (copied from gzip) are -# GPLv2+, binaries are Public Domain (linked against LGPL getopt_long but its -# OK), documentation is Public Domain. -License: GPLv2+ and Public Domain # official upstream release -Source0: https://tukaani.org/%{name}/%{name}-%{version}.tar.xz -Source1: https://tukaani.org/%{name}/%{name}-%{version}.tar.xz.sig -# https://tukaani.org/misc/lasse_collin_pubkey.txt -Source2: gpgkey-3690C240CE51B4670D30AD1C38EE757D69184620.asc -# Signature for Patch2 -Source3: https://tukaani.org/%{name}/xzgrep-ZDI-CAN-16587.patch.sig +Source0: https://github.com/tukaani-project/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz +Source1: https://github.com/tukaani-project/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz.sig +Source2: https://tukaani.org/misc/lasse_collin_pubkey.txt Source100: colorxzgrep.sh Source101: colorxzgrep.csh -Patch1: xz-5.2.5-enable_CET.patch -# xzgrep: arbitrary-file-write vulnerability (CVE-2022-1271) -# NOTE: Source3 contains the upstream signature for this patch -Patch2: https://tukaani.org/%{name}/xzgrep-ZDI-CAN-16587.patch - URL: https://tukaani.org/%{name}/ -Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} # For /usr/libexec/grepconf.sh (RHBZ#1189120). # Unfortunately F21 has a newer version of grep which doesn't 
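Review bot: The new `Source2` line no longer records which signing key is expected: the old file name carried the fingerprint 3690C240CE51B4670D30AD1C38EE757D69184620, while `lasse_collin_pubkey.txt` and its URL say nothing about it. The `%{gpgverify}` call in `%prep` (visible in a later hunk) trusts whatever key sits in that file, and the changelog in this same diff shows the file has already been replaced more than once (5.4.3-1, 5.6.2-1), so a refresh from the URL can change the trust anchor without it standing out in review. I would add a comment above `Source2`, e.g. `# Expected fingerprint: 3690C240CE51B4670D30AD1C38EE757D69184620 (check with gpg --show-keys before updating this file)`. The opening key material of the added block matches the deleted one, so the fingerprint is presumably unchanged, but that should be confirmed rather than assumed. Separately, `# docs - BSD0 AND ...` in the licence comment looks like a typo for `0BSD`.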
@@ -38,6 +36,7 @@ BuildRequires: make BuildRequires: gcc BuildRequires: gnupg2 BuildRequires: perl-interpreter +BuildRequires: autoconf automake libtool gettext-devel %description @@ -53,7 +52,7 @@ decompression speed fast. %package libs Summary: Libraries for decoding LZMA compression -License: Public Domain +License: 0BSD Obsoletes: %{name}-compat-libs < %{version}-%{release} %description libs @@ -62,7 +61,7 @@ Libraries for decoding files compressed with LZMA or XZ utils. %package static Summary: Statically linked library for decoding LZMA compression -License: Public Domain +License: 0BSD %description static Statically linked library for decoding files compressed with LZMA or @@ -71,8 +70,8 @@ XZ utils. Most users should *not* install this. %package devel Summary: Devel libraries & headers for liblzma -License: Public Domain -Requires: %{name}-libs%{?_isa} = %{version}-%{release} +License: 0BSD +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} %description devel Devel libraries and headers for liblzma. @@ -80,9 +79,9 @@ Devel libraries and headers for liblzma. %package lzma-compat Summary: Older LZMA format compatibility binaries -# Just a set of symlinks to 'xz' + two Public Domain binaries. -License: Public Domain -Requires: %{name}%{?_isa} = %{version}-%{release} +# Just a set of symlinks to some files in the 'xz' package. +License: 0BSD AND GPL-2.0-or-later AND LicenseRef-Fedora-Public-Domain +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Obsoletes: lzma < %{version} Provides: lzma = %{version} @@ -93,8 +92,8 @@ commands that deal with the older LZMA format. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' -%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE3}' --data='%{PATCH2}' %autosetup -p1 +autoreconf -fi %build 
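Review bot: The `autoreconf -fi` added after `%autosetup -p1` in `%prep` has no comment saying why it is there, and this commit drops every patch, so a reader cannot tell whether it is a leftover from a patch that touched the build system or a deliberate choice not to use the pre-generated `configure` shipped in the release tarball. If it is deliberate, say so in the spec, e.g. `# Regenerate configure and Makefile.in from configure.ac/Makefile.am instead of using the copies shipped in the tarball`, and give the same reason next to the `BuildRequires: autoconf automake libtool gettext-devel` line added in the `@@ -38,6 +36,7 @@` hunk. Regenerating only rebuilds the generated outputs; m4 macro files that come with the tarball may still be used as shipped, so this step complements the `%{gpgverify}` check above it and does not replace it. If it is a leftover, both additions can be removed.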
@@ -137,7 +136,15 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check %exclude %_pkgdocdir/examples* %{_bindir}/*xz* %{_mandir}/man1/*xz* -%{_mandir}/de/man1/*xz* +%lang(de) %{_mandir}/de/man1/*xz* +%lang(fr) %{_mandir}/fr/man1/*xz* +%lang(it) %{_mandir}/it/man1/*xz* +%lang(ko) %{_mandir}/ko/man1/*xz* +%lang(pt_BR) %{_mandir}/pt_BR/man1/*xz* +%lang(ro) %{_mandir}/ro/man1/*xz* +%lang(sr) %{_mandir}/sr/man1/*xz* +%lang(sv) %{_mandir}/sv/man1/*xz* +%lang(uk) %{_mandir}/uk/man1/*xz* %{profiledir}/* 
@@ -163,10 +170,122 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check %files lzma-compat %{_bindir}/*lz* %{_mandir}/man1/*lz* -%{_mandir}/de/man1/*lz* +%lang(de) %{_mandir}/de/man1/*lz* +%lang(fr) %{_mandir}/fr/man1/*lz* +%lang(it) %{_mandir}/it/man1/*lz* +%lang(ko) %{_mandir}/ko/man1/*lz* +%lang(pt_BR) %{_mandir}/pt_BR/man1/*lz* +%lang(ro) %{_mandir}/ro/man1/*lz* +%lang(sr) %{_mandir}/sr/man1/*lz* +%lang(sv) %{_mandir}/sv/man1/*lz* +%lang(uk) %{_mandir}/uk/man1/*lz* %changelog +* Mon Jan 05 2026 Richard W.M. Jones - 1:5.8.2-1 +- New upstream version 5.8.2 (RHBZ#2423317) +- Remove patches which are included in this release. + +* Sun Nov 23 2025 Richard W.M. Jones - 1:5.8.1-4 +- Add final workaround for "Failed to enable the sandbox" (RHEL-125143) + +* Sat Nov 22 2025 Richard W.M. Jones - 1:5.8.1-3 +- Add workaround for "Failed to enable the sandbox" (RHEL-125143) + +* Thu Apr 24 2025 Adam Williamson - 1:5.8.1-2 +- Empty rebuild to try and fix gating issue + +* Thu Apr 03 2025 Richard W.M. Jones - 1:5.8.1-1 +- New upstream version 5.8.1 +- Fixes CVE-2025-31115 heap-use-after-free bug in threaded .xz decoder + +* Wed Mar 26 2025 Jakub Martisko - 1:5.8.0-1 +- New upstream version 5.8.0 +Resolves: rhbz#2341818 + +* Sun Jan 19 2025 Fedora Release Engineering - 1:5.6.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Fri Oct 11 2024 Richard W.M. Jones - 1:5.6.3-2 +- perl-Compress-Raw-Lzma dep has been removed, rebuild + https://src.fedoraproject.org/rpms/perl-Compress-Raw-Lzma/pull-request/3 + +* Wed Oct 02 2024 Richard W.M. Jones - 1:5.6.3-1 +- New upstream version 5.6.3 (RHBZ#2316069) + +* Thu Aug 08 2024 Lukáš Zaoral - 1:5.6.2-3 +- fix licenses and finish SPDX license conversion + +* Sat Jul 20 2024 Fedora Release Engineering - 1:5.6.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Jun 20 2024 Richard W.M. 
Jones - 1:5.6.2-1 +- New upstream version 5.6.2 (RHBZ#2283854) +- Remove "Jia Tan" pubkey, replace with Lasse Collin's. + +* Thu Mar 28 2024 Richard W.M. Jones - 1:5.4.6-3 +- Revert to 5.4.6, bump epoch + +* Sat Mar 09 2024 Richard W.M. Jones - 5.6.1-1 +- New version 5.6.1 (RHBZ#2267598) +- Reenable ifunc as it is supposed to be fixed in 5.6.1. + +* Mon Mar 04 2024 Richard W.M. Jones - 5.6.0-3 +- --disable-ifunc (workaround for 2267598) + +* Thu Feb 29 2024 Adam Williamson - 5.6.0-2 +- Rebuild on a side tag to create a coherent update + +* Tue Feb 27 2024 Jindrich Novy - 5.6.0-1 +- Rebase to version 5.6.0 + +* Mon Jan 29 2024 Richard W.M. Jones - 5.4.6-1 +- New version 5.4.6 (RHBZ#2260521) +- Fix Source URLs. + +* Sat Jan 27 2024 Fedora Release Engineering - 5.4.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Nov 01 2023 Richard W.M. Jones - 5.4.5-1 +- New version 5.4.5 (RHBZ#2247487) + +* Thu Oct 19 2023 Debarshi Ray - 5.4.4-2 +- Mark translations of manuals with %%lang() + +* Wed Aug 02 2023 Richard W.M. Jones - 5.4.4-1 +- New version 5.4.4 (RHBZ#2228542) + +* Sat Jul 22 2023 Fedora Release Engineering - 5.4.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu May 04 2023 Richard W.M. Jones - 5.4.3-1 +- Rebase to version 5.4.3 (RHBZ#2179570) +- Update the pubkey which appears to have changed. + +* Mon Apr 17 2023 Matej Mužila - 5.4.2-1 +- Rebase to version 5.4.2 (#2179570) + +* Mon Jan 23 2023 Richard W.M. Jones - 5.4.1-1 +- Rebase to version 5.4.1 (#2142405) + +* Sat Jan 21 2023 Fedora Release Engineering - 5.2.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Dec 01 2022 Richard W.M. 
Jones - 5.2.9-1 +- Rebase to version 5.2.9 (#2142405) + +* Tue Nov 22 2022 Matej Mužila - 5.2.8-1 +- Rebase to version 5.2.8 (#2142405) + +* Tue Aug 30 2022 Matej Mužila - 5.2.7-1 +- Rebase to version 5.2.7 (#2131313) + +* Tue Aug 30 2022 Matej Mužila - 5.2.6-1 +- Rebase to version 5.2.6 (#2117931) + +* Sat Jul 23 2022 Fedora Release Engineering - 5.2.5-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Sat Apr 16 2022 Todd Zullinger - 5.2.5-9 - verify upstream GPG signature - xzgrep: arbitrary-file-write vulnerability (#2073310, CVE-2022-1271) @@ -234,6 +353,7 @@ LD_LIBRARY_PATH=$PWD/src/liblzma/.libs make check - Cleanup spec * Thu Aug 03 2017 Fedora Release Engineering - 5.2.3-4 + - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering - 5.2.3-3 diff --git a/xzgrep-ZDI-CAN-16587.patch b/xzgrep-ZDI-CAN-16587.patch deleted file mode 100644 index 406ded5..0000000 --- a/xzgrep-ZDI-CAN-16587.patch +++ /dev/null 
@@ -1,94 +0,0 @@ -From 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 Mon Sep 17 00:00:00 2001 -From: Lasse Collin -Date: Tue, 29 Mar 2022 19:19:12 +0300 -Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587). - -Malicious filenames can make xzgrep to write to arbitrary files -or (with a GNU sed extension) lead to arbitrary code execution. - -xzgrep from XZ Utils versions up to and including 5.2.5 are -affected. 5.3.1alpha and 5.3.2alpha are affected as well. -This patch works for all of them. - -This bug was inherited from gzip's zgrep. gzip 1.12 includes -a fix for zgrep. - -The issue with the old sed script is that with multiple newlines, -the N-command will read the second line of input, then the -s-commands will be skipped because it's not the end of the -file yet, then a new sed cycle starts and the pattern space -is printed and emptied. So only the last line or two get escaped. - -One way to fix this would be to read all lines into the pattern -space first. However, the included fix is even simpler: All lines -except the last line get a backslash appended at the end. To ensure -that shell command substitution doesn't eat a possible trailing -newline, a colon is appended to the filename before escaping. -The colon is later used to separate the filename from the grep -output so it is fine to add it here instead of a few lines later. - -The old code also wasn't POSIX compliant as it used \n in the -replacement section of the s-command. Using \ is the -POSIX compatible method. - -LC_ALL=C was added to the two critical sed commands. POSIX sed -manual recommends it when using sed to manipulate pathnames -because in other locales invalid multibyte sequences might -cause issues with some sed implementations. 
In case of GNU sed, -these particular sed scripts wouldn't have such problems but some -other scripts could have, see: - - info '(sed)Locale Considerations' - -This vulnerability was discovered by: -cleemy desu wayo working with Trend Micro Zero Day Initiative - -Thanks to Jim Meyering and Paul Eggert discussing the different -ways to fix this and for coordinating the patch release schedule -with gzip. ---- - src/scripts/xzgrep.in | 20 ++++++++++++-------- - 1 file changed, 12 insertions(+), 8 deletions(-) - -diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in -index b180936..e5186ba 100644 ---- a/src/scripts/xzgrep.in -+++ b/src/scripts/xzgrep.in -@@ -180,22 +180,26 @@ for i; do - { test $# -eq 1 || test $no_filename -eq 1; }; then - eval "$grep" - else -+ # Append a colon so that the last character will never be a newline -+ # which would otherwise get lost in shell command substitution. -+ i="$i:" -+ -+ # Escape & \ | and newlines only if such characters are present -+ # (speed optimization). - case $i in - (*' - '* | *'&'* | *'\'* | *'|'*) -- i=$(printf '%s\n' "$i" | -- sed ' -- $!N -- $s/[&\|]/\\&/g -- $s/\n/\\n/g -- ');; -+ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');; - esac -- sed_script="s|^|$i:|" -+ -+ # $i already ends with a colon so don't add it here. -+ sed_script="s|^|$i|" - - # Fail if grep or sed fails. - r=$( - exec 4>&1 -- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&- -+ (eval "$grep" 4>&-; echo $? >&4) 3>&- | -+ LC_ALL=C sed "$sed_script" >&3 4>&- - ) || r=2 - exit $r - fi >&3 5>&- --- -2.35.1 -